Skip to main content

ACTI Create Report-Indicator Associations

This Playbook is part of the Accenture CTI v2 Pack.#

Deprecated

No available replacement.

  • NOTE: This playbook is deprecated.
  • This sub-playbook makes the connections between ACTI indicators (from ACTI Indicator API) and ACTI intelligence reports (from ACTI Report API) that have pulled into an XSOAR incident via the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.
  • This sub-playbook cannot be integrated into generic XSOAR playbooks and playbooks from other vendors by itself. It is dependent upon the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

  • GetIndicatorDBotScore
  • Exists
  • CreateIndicatorRelationship

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
IPThe extracted IP address.${IP.Address}Optional
IAThe Intelligence Alert associated with the indicator.${intelligence_alerts}Optional
IRThe Intelligence Report associated with the indicator.${intelligence_reports}Optional
URLThe extracted URL.${URL.Data}Optional
DomainThe extracted Domain.${Domain.Name}Optional
MFamThe Malware Family associated with the indicator.acti_malware_family_uuidOptional
TAThe Threat Actor associated with the indicator.acti_threat_actors_uuidOptional
TGThe Threat Group associated with the indicator.acti_threat_groups_uuidOptional
TCThe Threat Campaign associated with the indicator.acti_threat_campaigns_uuidOptional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


ACTI Create Report-Indicator Associations